📚 The CoCalc Library - books, templates and other resources
cocalc-examples / martinthoma-latex-examples / publications / Seminar-Kognitive-Automobile / literatur.bib
132939 viewsLicense: OTHER
% This file was created with JabRef 2.10.1% Encoding: Cp1252234@String { apr = {April} }5@String { aug = {August} }6@String { dec = {Dezember} }7@String { feb = {Februar} }8@String { jan = {Januar} }9@String { jul = {Juli} }10@String { jun = {Juni} }11@String { mar = {M{\"a}rz} }12@String { may = {Mai} }13@String { nov = {November} }14@String { oct = {Oktober} }15@String { sep = {September} }1617@Misc{Albert2012,18Title = {Understanding C by learning assembly},1920Author = {David Albert},21Month = sep,22Year = {2012},2324Comment = {Verf{\"u}gbar unter \url{https://www.recurse.com/blog/7-understanding-c-by-learning-assembly}},25Owner = {Martin Thoma},26Timestamp = {2015.09.02},27Url = {https://www.recurse.com/blog/7-understanding-c-by-learning-assembly}28}2930@Misc{Arora2013,31Title = {Buffer Overflow Attack Explained with a {C} Program Example},3233Author = {Himanshu Arora},34Month = jun,35Year = {2013},3637Owner = {Martin Thoma},38Timestamp = {2015.09.02},39Url = {http://www.thegeekstuff.com/2013/06/buffer-overflow/}40}4142@Misc{Bendersky2011,43Title = {Stack frame layout on x86-64},4445Author = {Eli Bendersky},46Month = sep,47Year = {2011},4849Owner = {Martin Thoma},50Timestamp = {2015.09.02},51Url = {http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64/}52}5354@Misc{Bray2002,55Title = {Compiler Security Checks In Depth},5657Author = {Brandon Bray},58HowPublished = {MSDN},59Month = feb,60Year = {2002},6162Owner = {Martin Thoma},63Timestamp = {2015.06.29},64Url = {https://msdn.microsoft.com/en-us/library/aa290051(v=vs.71).aspx}65}6667@InProceedings{Checkoway2011,68Title = {Comprehensive Experimental Analyses of Automotive Attack Surfaces},69Author = {Checkoway, Stephen and McCoy, Damon and Kantor, Brian and Anderson, Danny and Shacham, Hovav and Savage, Stefan and Koscher, Karl and Czeskis, Alexei and Roesner, Franziska and Kohno, Tadayoshi},70Booktitle = {Proceedings of the 20th USENIX Conference on Security},71Year = {2011},7273Address = {Berkeley, CA, USA},74Pages = {6--6},75Publisher = {USENIX Association},76Series = {SEC'11},7778Abstract = {Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model--requiring prior physical access--has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.},79Acmid = {2028073},80File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/cars-usenixsec2011.pdf:PDF},81Location = {San Francisco, CA},82Numpages = {1},83Owner = {Martin Thoma},84Timestamp = {2015.04.24},85Url = {http://dl.acm.org/citation.cfm?id=2028067.2028073}86}8788@Misc{Sky2014,89Title = {Thousands Of Cars Stolen Using Hi-Tech Gadgets},9091Author = {Thomas Cheshire},92Month = may,93Year = {2014},9495Abstract = {A Sky News investigation finds that almost half the 89,000 vehicles broken into in London last year were hacked electronically.},96Owner = {Martin Thoma},97Timestamp = {2015.06.15},98Url = {http://news.sky.com/story/1257320/thousands-of-cars-stolen-using-hi-tech-gadgets}99}100101@Book{Eckert2012,102Title = {IT-Sicherheit},103Author = {Claudia Eckert},104Publisher = {Oldenbourd Wissenschaftsverlag GmbH},105Year = {2012},106107Owner = {Martin Thoma},108Timestamp = {2015.06.29}109}110111@Misc{Richtlinie70/156/EWG:Fahrzeugklassen,112Title = {Richtlinie des {Rates} 70/156/EWG},113114Author = {{Europ\"{a}ischer Rat}},115Month = feb,116Year = {1970},117118Owner = {Martin Thoma},119Timestamp = {2015.06.11},120Url = {http://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1434048145188&uri=CELEX:31970L0156}121}122123@Misc{EURegulation2015/ecall,124Title = {Verordnung ({EU}) 2015/758 des Europ\"{a}ischen {Parlaments} und des {Rates}},125126Author = {{European Parliament, Council of the European Union}},127Month = apr,128Year = {2015},129130File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/EU-Verordnung-2015-758-ecall.pdf:PDF},131Owner = {Martin Thoma},132Timestamp = {2015.06.01},133Url = {http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015R0758}134}135136@Misc{EURegulation661/2009,137Title = {Verordnung ({EG}) Nr. 661/2009 des Europ\"{a}ischen {Parlaments} und des {Rates}},138139Author = {{European Parliament, Council of the European Union}},140Month = jul,141Year = {2009},142143File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/EU-Verordnung-661-2009.pdf:PDF},144Owner = {Martin Thoma},145Timestamp = {2015.06.01},146Url = {http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32009R0661}147}148149@Misc{EUDirective98/69/EC,150Title = {Richtlinie {98/69/EC} des Europ\"{a}ischen {Parlaments} und des {Rates}},151152Author = {{European Parliament, Council of the European Union}},153Month = oct,154Note = {\newline\url{http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:31998L0069}},155Year = {1998},156157File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/EU-Richtlinie-98-69-EG.pdf:PDF},158Owner = {Martin Thoma},159Timestamp = {2015.06.01},160Url = {http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:31998L0069}161}162163@InProceedings{Foster2015,164Title = {Fast and Vulnerable: A Story of Telematic Failures},165Author = {Ian Foster and Andrew Prudhomme and Karl Koscher and Stefan Savage},166Booktitle = {9th USENIX Workshop on Offensive Technologies (WOOT 15)},167Year = {2015},168169Address = {Washington, D.C.},170Month = aug,171Publisher = {USENIX Association},172173File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/woot15-paper-foster.pdf:PDF},174Url = {https://www.usenix.org/system/files/conference/woot15/woot15-paper-foster.pdf}175}176177@InProceedings{Francillon2011,178Title = {Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars},179Author = {Aurelien Francillon AND Boris Danev AND Srdjan Capkun},180Booktitle = {NDSS},181Year = {2011},182183File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/relay-attacks-on-passive-keyless-entry-and-start-systems-in-modern-cars.pdf:PDF},184Owner = {Martin Thoma},185Review = {* immobilizer chips prevent key copying186* legal implications (no trace of theft / closing/opening the door)187* open car to access OBD-II port for further attacks},188Timestamp = {2015.05.15},189Url = {https://eprint.iacr.org/2010/332.pdf}190}191192@Misc{Gallagher2015,193Title = {Fiat Chrysler recalls 1.4 million cars over remote hack vulnerability},194195Author = {Sean Gallagher},196HowPublished = {arstechnica},197Month = jul,198Year = {2015},199200Owner = {Martin Thoma},201Timestamp = {2015.09.03},202Url = {http://arstechnica.com/security/2015/07/fiat-chrysler-recalls-1-4-million-cars-over-remote-hack-vulnerability/}203}204205@Misc{Greenberg2015,206Title = {Your {BMW} or {Benz} Could Also Be Vulnerable to That {GM} {OnStar} Hack},207208Author = {Andy Greenberg},209Month = aug,210Year = {2015},211212Owner = {Martin Thoma},213Timestamp = {2015.09.03},214Url = {http://www.wired.com/2015/08/bmw-benz-also-vulnerable-gm-onstar-hack/}215}216217@Misc{Dailymail2015,218Title = {Car-hackers driving off with top motors: Increasing numbers being stolen after thieves simply bypass security devices},219220Author = {Chris Greenwood},221Month = feb,222Year = {2015},223224Abstract = {Gangs using �keyless� techniques are estimated to have stolen more than 6,000 vehicles in London alone last year � almost half of all cars and vans stolen.225226...227228229[...] Experts are concerned that thieves may even be using computer malware to take over vehicle systems via satellite, issuing remote commands for them to unlock and start up.[...]},230Owner = {Martin Thoma},231Timestamp = {2015.06.15},232Url = {http://www.dailymail.co.uk/news/article-2938793/Car-hackers-driving-motors-Increasing-numbers-stolen-thieves-simply-bypass-security-devices.html}233}234235@Article{Howard2006,236Title = {A process for performing security code reviews},237Author = {Howard, M.A.},238Journal = {Security Privacy, IEEE},239Year = {2006},240241Month = jul,242Number = {4},243Pages = {74-79},244Volume = {4},245246__markedentry = {[Martin Thoma:]},247Abstract = {No one really likes reviewing source code for security vulnerabilities; its slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn't an option},248Doi = {10.1109/MSP.2006.84},249File = {:home/moose/GitHub/informatik-2011/Paper/sicherheit-kog-autos/a-process-for-performing-security-code-reviews.pdf:PDF},250ISSN = {1540-7993},251Keywords = {program debugging;program diagnostics;security of data;security code reviews;security vulnerabilities;Computer bugs;Computer security;Data analysis;Data security;History;Java;Performance analysis;Privacy;Software tools;Wildlife;code review;secure code;security vulnerabilities},252Owner = {Martin Thoma},253Timestamp = {2015.06.29}254}255256@Patent{Hwang1997,257Title = {Wireless car security system},258Nationality = {United States},259Year = {1997},260Author = {Hwang, S.M.},261Month = jul,262Note = {US Patent 5,648,754},263Url = {https://www.google.com/patents/US5648754},264265Owner = {Martin Thoma},266Publisher = {Google Patents},267Timestamp = {2015.06.19}268}269270@Misc{SAE2004,271Title = {Recommended Practice for Pass-Thru Vehicle Programming},272273Author = {SAE International},274Month = dec,275Year = {2004},276277Institution = {Vehicle E E System Diagnostic Standards Committee},278Organization = {SAE International},279Owner = {Martin Thoma},280Timestamp = {2015.06.29},281Url = {http://standards.sae.org/j2534/1_200412/}282}283284@Misc{Jones2015,285Title = {{BMW} Fixes Software Flaw That Would�ve Let Hackers Unlock Doors},286287Author = {Willie Jones},288Month = feb,289Year = {2015},290291Owner = {Martin Thoma},292Timestamp = {2015.06.19},293Url = {http://spectrum.ieee.org/cars-that-think/transportation/systems/bmw-fixes-vehicle-software-flaw-that-wouldve-let-hackers-in}294}295296@Book{Metasploit2012,297Title = {Metasploit},298Author = {David Kennedy},299Publisher = {mitp Professional},300Year = {2012},301302Owner = {Martin Thoma},303Timestamp = {2015.06.04}304}305306@TechReport{Kiencke1986,307Title = {Automotive Serial Controller Area Network},308Author = {Uwe Kiencke AND Siegfried Dais AND Martin Litschel},309Institution = {Robert Bosch GmbH},310Year = {1986},311Month = feb,312313Abstract = {A high speed serial communication link has been developed for interconnecting electronic control units within automobiles. The incorporation of object oriented communication in conjunction with acceptance filtering introduces a new level of message handling efficiency and flexibility. Powerful error handling techniques guarantee safe operation in noisy automotive environments.},314Doi = {10.4271/860391},315Owner = {Martin Thoma},316Timestamp = {2015.06.01},317Url = {http://papers.sae.org/860391/}318}319320@InProceedings{Koscher2010,321Title = {Experimental Security Analysis of a Modern Automobile},322Author = {Koscher, Karl and Czeskis, Alexei and Roesner, Franziska and Patel, Shwetak and Kohno, Tadayoshi and Checkoway, Stephen and McCoy, Damon and Kantor, Brian and Anderson, Danny and Shacham, Hovav and Savage, Stefan},323Booktitle = {Proceedings of the 2010 IEEE Symposium on Security and Privacy},324Year = {2010},325326Address = {Washington, DC, USA},327Pages = {447--462},328Publisher = {IEEE Computer Society},329Series = {SP '10},330331Acmid = {1849990},332Doi = {10.1109/SP.2010.34},333File = {:/home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/cars-oakland2010.pdf:PDF},334ISBN = {978-0-7695-4035-1},335Keywords = {Automobiles, communication standards, communication system security, computer security, data buses},336Numpages = {16},337Owner = {Martin Thoma},338Timestamp = {2015.04.24},339Url = {http://dx.doi.org/10.1109/SP.2010.34}340}341342@Misc{Lee2014,343Title = {Keyless cars 'increasingly targeted by thieves using computers'},344345Author = {Dave Lee},346Month = oct,347Year = {2014},348349Owner = {Martin Thoma},350Timestamp = {2015.06.15},351Url = {http://www.bbc.com/news/technology-29786320}352}353354@Article{Leen2002,355Title = {Expanding automotive electronic systems},356Author = {Leen, G. and Heffernan, D.},357Journal = {Computer},358Year = {2002},359360Month = jan,361Number = {1},362Pages = {88-93},363Volume = {35},364365Abstract = {A vast increase in automotive electronic systems, coupled with related demands on power and design, has created an array of new engineering opportunities and challenges. Today's high-end vehicles may have more than 4 kilometers of wiring, compared to 45 meters in vehicles manufactured in 1955. Reducing wiring mass through in-vehicle networks will bring an explosion of new functionality and innovation. Our vehicles will become more like PCs, creating the potential for a host of plug-and-play devices. On average, US commuters spend 9 percent of their day in an automobile. Thus, introducing multimedia and telematics to vehicles will increase productivity and provide entertainment for millions. Further, X-by-wire solutions will make computer diagnostics a standard part of mechanics' work and may even create an electronic chauffeur},366Doi = {10.1109/2.976923},367File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/Expanding-Automotive-Electronic-Systems.pdf:PDF},368ISSN = {0018-9162},369Keywords = {automobiles;automotive electronics;controller area networks;entertainment;multimedia systems;traffic engineering computing;PCs;US commuters;X-by-wire solutions;automobile;automotive electronic systems;computer diagnostics;electronic chauffeur;engineering opportunities;entertainment;high-end vehicles;in-vehicle networks;multimedia;plug-and-play devices;productivity;telematics;wiring mass;Automobile manufacture;Automotive electronics;Automotive engineering;Design engineering;Explosions;Personal communication networks;Power engineering and energy;Technological innovation;Vehicles;Wiring},370Owner = {Martin Thoma},371Timestamp = {2015.06.19},372Url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=976923}373}374375@InProceedings{Li2008,376Title = {A design for automotive CAN bus monitoring system},377Author = {Renjun Li and Chu Liu and Feng Luo},378Booktitle = {Vehicle Power and Propulsion Conference, 2008. VPPC '08. IEEE},379Year = {2008},380Month = sep,381Pages = {1-5},382383Abstract = {This system is designed to test automotive CAN (controller area network) controlled devices or entire network. This system not only can display CAN frames (CAN 2.0A/B) received from or sent onto CAN bus, but also can record data on log files for off-line evaluation. Users can configure several monitoring modes and CAN channel features of the system with PC application. Furthermore the USB technology adopted in the system make it a more practical and convenient CAN bus testing system.},384Doi = {10.1109/VPPC.2008.4677544},385File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/04677544.pdf:PDF},386Keywords = {automotive electronics;controller area networks;field buses;protocols;CAN bus testing system;PC application;USB technology;automotive CAN bus monitoring system;controller area network;off-line evaluation;serial bus communication protocol;Automotive engineering;Control systems;Educational institutions;Filters;Monitoring;Propulsion;Smart cards;Space vehicles;System testing;Universal Serial Bus;CAN Bus;Monitoring System;USB},387Owner = {Martin Thoma},388Timestamp = {2015.06.01}389}390391@Misc{Mahaffey2015,392Title = {Hacking a {Tesla} Model S: What we found and what we learned},393394Author = {Kevin Mahaffey},395Month = aug,396Year = {2015},397398Owner = {Martin Thoma},399Timestamp = {2015.09.03},400Url = {https://blog.lookout.com/blog/2015/08/07/hacking-a-tesla/}401}402403@Article{McGraw2008,404Title = {Automated Code Review Tools for Security},405Author = {McGraw, G.},406Journal = {Computer},407Year = {2008},408409Month = dec,410Number = {12},411Pages = {108-111},412Volume = {41},413414__markedentry = {[Martin Thoma:6]},415Abstract = {Computer security has experienced important fundamental changes over the past decade. The most promising developments in security involve arming software developers and architects with the knowledge and tools they need to build more secure software. Among the many security tools available to software practitioners, static analysis tools for automated code review are the most effective. The paper presents how they work and why all developers should use them.},416Doi = {10.1109/MC.2008.514},417File = {:home/moose/GitHub/informatik-2011/Paper/sicherheit-kog-autos/automated-code-review-tools-for-security.pdf:PDF},418ISSN = {0018-9162},419Keywords = {program diagnostics;security of data;automated code review tools;computer security;secure software;software architects;software developers;static analysis tools;Application software;Best practices;Computer hacking;Computer security;IP networks;Instruments;Local area networks;Programming profession;Risk analysis;Software tools;code review;how things work;software development;software security;static analysis tools},420Language = German,421Owner = {Martin Thoma},422Timestamp = {2015.06.29}423}424425@Misc{Mixter,426Title = {Writing buffer overflow exploits - a tutorial for beginners},427428Author = {Mixter},429430Url = {http://www.eecis.udel.edu/~bmiller/cis459/2007s/readings/buff-overflow.html}431}432433@Misc{Nol2012,434Title = {Car thieves can steal motors in just 10 seconds - six times faster than a decade ago (and black Audis are their favourite)},435436Author = {Steve Nolan},437Month = oct,438Year = {2012},439440Abstract = {And Black Audis are top of car thieves� shopping lists with 150,000 cars are stolen each year and two thirds of these taken with their keys.441...},442Owner = {Martin Thoma},443Timestamp = {2015.06.15},444Url = {http://www.dailymail.co.uk/news/article-2223414/Car-thieves-steal-motors-just-10-seconds--times-faster-decade-ago-black-Audis-favourite.html}445}446447@InProceedings{Obermaisser2008,448Title = {Temporal and Spatial Partitioning of a Time-Triggered Operating System Based on Real-Time Linux},449Author = {Obermaisser, R. and Leiner, B.},450Booktitle = {Object Oriented Real-Time Distributed Computing (ISORC), 2008 11th IEEE International Symposium on},451Year = {2008},452Month = may,453Pages = {429-435},454455Abstract = {Real-time Linux variants are becoming prominent solutions for the development of embedded systems. Compared to traditional real-time operating systems, embedded system engineers can leverage solutions and knowhow from the Linux development community (e.g., development tools, applications, drivers). Due to the availability of implementations of Internet protocols and network drivers, Linux also facilitates the implementation of embedded systems connected to the Internet. The goal of this paper is to evaluate experimentally the capabilities of the Real-time Linux variant RTAI/LXRT with respect to partitioning between different application software modules. Partitioning ensures that a failure caused by a design fault in one application software module cannot propagate to cause a failure in other application software modules, e.g., by blocking access to the CPU or by overwriting memory. Partitioning is important when building mixed-criticality systems comprising both non safety-critical software modules and safety-related ones. Even at the same level of criticality, partitioning improves the robustness of an embedded system. The experimental results described in this paper point out several limitations of RTAI/LXRT Linux concerning fault isolation. Based on these results, we propose modifications to improve the partitioning with respect to temporal and spatial interference.},456Doi = {10.1109/ISORC.2008.10},457File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/temporal-and-spatial-partitioning-of-a-time-triggered-operating-system-based-on-real-time-linux.pdf:PDF},458Keywords = {Linux;operating systems (computers);safety-critical software;real-time Linux;real-time abstraction interface;safety-critical software module;spatial partitioning;temporal partitioning;time-triggered operating system;Application software;Buildings;Embedded system;IP networks;Linux;Operating systems;Protocols;Real time systems;Software safety;Systems engineering and theory;fault-tolerance;operating systems;partitioning;real-time systems},459Owner = {Martin Thoma},460Timestamp = {2015.06.19}461}462463@Misc{Poulsen2010,464Title = {Hacker Disables More Than 100 Cars Remotely},465466Author = {Kevin Poulsen},467Month = mar,468Year = {2010},469470Owner = {Martin Thoma},471Timestamp = {2015.09.03},472Url = {http://www.wired.com/2010/03/hacker-bricks-cars/}473}474475@Misc{Rojas2014,476Title = {Der Hacker als Chauffeur},477478Author = {Ra�l Rojas},479Month = dec,480Year = {2014},481482Abstract = {(Wolfgang Wiewesiek, "Secure Hardware Extension", Workshop on Cryptography and Embedded Security, N�rnberg, 2012},483Owner = {Martin Thoma},484Timestamp = {2015.06.15},485Url = {http://www.heise.de/tp/artikel/43/43544/1.html}486}487488@InProceedings{Rouf2010,489Title = {Security and Privacy Vulnerabilities of In-car Wireless Networks: A Tire Pressure Monitoring System Case Study},490Author = {Rouf, Ishtiaq AND Miller, Rob AND Mustafa, Hossen AND Taylor, Travis AND Oh, Sangho AND Xu, Wenyuan AND Gruteser, Marco AND Trappe, Wade AND Seskar, Ivan},491Booktitle = {Proceedings of the 19th USENIX Conference on Security},492Year = {2010},493494Address = {Berkeley, CA, USA},495Pages = {21--21},496Publisher = {USENIX Association},497Series = {USENIX Security'10},498499Acmid = {1929848},500File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/security-and-privacy-vulnerabilities-of-in-car-wireless-networks-a-tire-pressure-monitoring-system-case-study2010-002-tpms.pdf:PDF},501ISBN = {888-7-6666-5555-4},502Location = {Washington, DC},503Numpages = {1},504Owner = {Martin Thoma},505Review = {* eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle506* Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages.507* The wide deployment of TPMSs in the United States is an outgrowth of the TREAD Act [35] resulting from the Ford-Firestone tire failure controversy [17].508* [...] These benefits have recently led to similar legislation in the European Union [7] which mandates TPMSs on all new vehicles starting in 2012.509* Spoofing (low pressure warning!) / Jamming / Reading / Vehicle identificaion is possible510* Temporary IDs could be used},511Timestamp = {2015.05.15},512Url = {http://dl.acm.org/citation.cfm?id=1929820.1929848}513}514515@Book{Sambleben2012,516Title = {Informationstechnologie und Sicherheitspolitik: Wird der dritte Weltkrieg im Internet ausgetragen?},517Author = {Sambleben, J. AND Schumacher, S.},518Publisher = {Books on Demand},519Year = {2012},520521ISBN = {9783848232703},522Owner = {Martin Thoma},523Timestamp = {2015.06.04},524Url = {https://books.google.de/books?id=ZFOR4lELZ40C}525}526527@Book{ServerSecurity2008,528Title = {Guide to general server security},529Author = {Karen Scarfone AND Wayne Jansen AND Miles Tracy},530Publisher = {U.S. Dept. of Commerce, National Institute of Standards and Technology},531Year = {2008},532533Owner = {Martin Thoma},534Timestamp = {2015.06.11},535Url = {http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf}536}537538@Patent{Seibold1988,539Title = {Security system and method for electronic apparatus, particularly car radios or similar automotive audio equipment},540Nationality = {United States},541Number = {US4720700 A},542Year = {1988},543Yearfiled = {1986},544Author = {Seibold, P. and Strauss, K.P.},545Month = jan # {~19},546Note = {US Patent 4,720,700},547Url = {https://www.google.com/patents/US4720700},548549Owner = {Martin Thoma},550Publisher = {Google Patents},551Timestamp = {2015.06.19}552}553554@Misc{Seltzer2013,555Title = {The {Morris} Worm: Internet malware turns 25},556557Author = {Larry Seltzer},558Month = nov,559Year = {2013},560561Owner = {Martin Thoma},562Timestamp = {2015.09.04},563Url = {http://www.zdnet.com/article/the-morris-worm-internet-malware-turns-25/}564}565566@Book{Silberschatz2005,567Title = {Operating System Concepts},568Author = {Abraham Silberschatz AND Peter Baer Galvin AND Greg Gagne},569Editor = {7},570Publisher = {John Wiley \& Sons. Inc},571Year = {2005},572573Owner = {Martin Thoma},574Timestamp = {2015.09.05}575}576577@InProceedings{Song2008,578Title = {SVATS: A Sensor-Network-Based Vehicle Anti-Theft System},579Author = {Hui Song and Sencun Zhu and Guohong Cao},580Booktitle = {INFOCOM 2008. The 27th Conference on Computer Communications. IEEE},581Year = {2008},582Month = apr,583Pages = {-},584585Abstract = {Today vehicle theft rate is very high, thus tracking/alarming systems are being deployed with an increasingly popularity. These systems however bear some limitations such as high cost, high false-alarm rate, and easy to be disabled. This paper describes the design, implementation and evaluation of a Sensor-network-based Vehicle Anti-Theft System (SVATS) to address these limitations. In this system, the sensors in the vehicles that are parked within the same parking area first form a sensor network, then monitor and identify possible vehicle thefts by detecting unauthorized vehicle movement. When an unauthorized movement is detected, an alert will be reported to a base station in the parking area, which sends warning messages to the security office. This paper focuses on the technical issues specific to the system such as topology management, theft detection, and intra-vehicle networking.},586Doi = {10.1109/INFOCOM.2008.279},587File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/svats-a-sensor-network-based-vehicle-anti-theft-system.pdf:PDF},588ISSN = {0743-166X},589Keywords = {alarm systems;road vehicles;traffic engineering computing;wireless sensor networks;alarming system;base station;false-alarm rate;intra-vehicle networking;sensor-network-based vehicle anti-theft system;topology management;tracking system;unauthorized vehicle movement detection;vehicle theft rate;Alarm systems;Base stations;Broadcasting;Communications Society;Computer science;Costs;Global Positioning System;Monitoring;Sensor systems;Vehicle detection},590Owner = {Martin Thoma},591Timestamp = {2015.06.19}592}593594@Misc{Spaar2015,595Title = {{Auto, \"offne dich! Sicherheitsl\"ucken bei {BMWs} ConnectedDrive}},596597Author = {Dieter Spaar},598Year = {2015},599600File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/ct-bmw-hack.pdf:PDF},601Journal = {c't},602Owner = {Martin Thoma},603Timestamp = {2015.05.15},604Url = {http://www.heise.de/newsticker/meldung/ConnectedDrive-Der-BMW-Hack-im-Detail-2540786.html}605}606607@Misc{Stevens2015,608Title = {{GM} issues fix for {OnStar} hack},609610Author = {Tim Stevens},611Month = jul,612Year = {2015},613614Owner = {Martin Thoma},615Timestamp = {2015.09.03},616Url = {http://www.cnet.com/news/ownstar-onstar-hack/}617}618619@TechReport{Stumpf2013,620Title = {CycurHSM - An Automotive-qualified Software Stack for Hardware Security Modules},621Author = {Frederic Stumpf},622Institution = {escrypt GmbH},623Year = {2013},624625File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/CycurHSM-Whitepaper.pdf:PDF},626Owner = {Martin Thoma},627Timestamp = {2015.05.15},628Url = {https://www.escrypt.com/fileadmin/escrypt/pdf/CycurHSM-Whitepaper.pdf}629}630631@InProceedings{Syverson1994,632Title = {A taxonomy of replay attacks [cryptographic protocols]},633Author = {Syverson, P.},634Booktitle = {Computer Security Foundations Workshop VII, 1994. CSFW 7. Proceedings},635Year = {1994},636Month = jun,637Pages = {187-191},638639Abstract = {This paper presents a taxonomy of replay attacks on cryptographic protocols in terms of message origin and destination. The taxonomy is independent of any method used to analyze or prevent such attacks. It is also complete in the sense that any replay attack is composed entirely of elements classified by the taxonomy. The classification of attacks is illustrated using both new and previously known attacks on protocols. The taxonomy is also used to discuss the appropriateness of particular countermeasures and protocol analysis methods to particular kinds of replays},640Doi = {10.1109/CSFW.1994.315935},641ISSN = {1063-6900},642Keywords = {cryptography;protocols;cryptographic protocols;message origin;replay attacks;taxonomy;Authorization;Cryptographic protocols;Cryptography;Laboratories;Security;Taxonomy}643}644645@Patent{Turner1999,646Title = {Automotive vehicle anti-theft and anti-vandalism and anti-carjacking system},647Nationality = {United States},648Number = {US6002326 A},649Year = {1999},650Yearfiled = {1997},651Author = {Turner, V.J.},652Month = dec # {~14},653Note = {US Patent 6,002,326},654Url = {https://www.google.com/patents/US6002326},655656Owner = {Martin Thoma},657Publisher = {Google Patents},658Timestamp = {2015.06.19}659}660661@InProceedings{Verdult2015,662Title = {Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer},663Author = {Roel Verdult and Flavio D. Garcia and Baris Ege},664Booktitle = {Supplement to the 22nd USENIX Security Symposium (USENIX Security 13)},665Year = {2015},666667Address = {Washington, D.C.},668Pages = {703--718},669Publisher = {USENIX Association},670671ISBN = {978-1-931971-232},672Url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/verdult}673}674675@Article{Wolf2004,676Title = {Sicherheit in automobilen Bussystemen},677Author = {Marko Wolf AND Andr{\'e} Weimerskirch AND Christof Paar},678Journal = {Automotive - Safety \& Security},679Year = {2004},680681Month = oct,682683File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/WolfEtAl_SicherheitAutomobileBussysteme.pdf:PDF},684Owner = {Martin Thoma},685Timestamp = {2015.06.15},686Url = {http://www.weimerskirch.org/papers/WolfEtAl_SicherheitAutomobileBussysteme.pdf}687}688689@Misc{Dailymail2014,690Title = {Forget carjacking, the next big threat is car-HACKING: Thousands of vehicles are being stolen using cheap gadgets bought online},691692Author = {Victoria Woollaston},693Month = may,694Year = {2014},695696Abstract = {... According to the MPS, 21,000 cars were stolen last year, and a further 68,000 were broken into. ...},697Owner = {Martin Thoma},698Timestamp = {2015.06.15},699Url = {http://www.dailymail.co.uk/sciencetech/article-2623275/Forget-carjacking-big-threat-car-HACKING-Thousands-vehicles-stolen-using-cheap-gadgets-bought-online.html}700}701702@Article{Wright2011,703Title = {Hacking Cars},704Author = {Wright, Alex},705Journal = {Commun. ACM},706Year = {2011},707708Month = nov,709Number = {11},710Pages = {18--19},711Volume = {54},712713Acmid = {2018403},714Address = {New York, NY, USA},715Doi = {10.1145/2018396.2018403},716File = {:home/moose/GitHub/informatik-2011/Master/Wahlfach/Seminar-Kongitive-Automobile/hacking-cars-p18-wright.pdf:PDF},717ISSN = {0001-0782},718Issue_date = {November 2011},719Numpages = {2},720Owner = {Martin Thoma},721Publisher = {ACM},722Review = {"Ever since Toyota's well-publicized723struggles with the computerized brak-724ing systems in its 2010 Prius hybrid725cars, automotive computer systems726have come under increasing scrutiny."727728See http://edition.cnn.com/2010/WORLD/asiapcf/02/04/japan.prius.complaints/ - Probleme mit ABS / delay of break729730"At the University of South Carolina,731assistant professor Wenyuan Xu dis-732covered that she could track the move-733ment of cars by tapping into the RFID734data stored in modern tire pressure735monitoring systems from up to a dis-736tance of 40 meters."737738Kevin739Finisterre of security consultancy Dig-740ital Munition - police cars741742Embedded Vehicle Safety Committee},743Timestamp = {2015.05.15},744Url = {http://doi.acm.org/10.1145/2018396.2018403}745}746747@Misc{AirbiquityFord,748Title = {Airbiquity link highlights {Ford}'s telematics strategy},749Year = {2008},750751Owner = {Martin Thoma},752Timestamp = {2015.06.29},753Url = {http://www.sae.org/automag/technewsletter/080506Tech/07.htm}754}755756@Misc{AirbiquityBMW,757Title = {Airbiquity Signs Telematics Deal With {BMW}},758Month = oct,759Year = {2006},760761Owner = {Martin Thoma},762Timestamp = {2015.06.29},763Url = {http://www.airbiquity.com/news/press-releases/airbiquity-signs-telematics-deal-bmw/}764}765766767768